diff mbox series

[PATCHv11,4/8] iomap: Fix possible overflow condition in iomap_write_delalloc_scan

Message ID c126c4aeecc436dce702a20e5100ed148598ff8b.1688188958.git.ritesh.list@gmail.com (mailing list archive)
State Deferred, archived
Headers show
Series iomap: Add support for per-block dirty state to improve write performance | expand

Commit Message

Ritesh Harjani (IBM) July 1, 2023, 7:34 a.m. UTC
folio_next_index() returns an unsigned long value which left shifted
by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead
use folio_pos(folio) + folio_size(folio), which does this correctly.

Suggested-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
---
 fs/iomap/buffered-io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.40.1

Comments

Darrick J. Wong July 13, 2023, 4:33 a.m. UTC | #1
On Sat, Jul 01, 2023 at 01:04:37PM +0530, Ritesh Harjani (IBM) wrote:
> folio_next_index() returns an unsigned long value which left shifted
> by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead
> use folio_pos(folio) + folio_size(folio), which does this correctly.
> 
> Suggested-by: Matthew Wilcox <willy@infradead.org>
> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>

Fixes: f43dc4dc3eff ("iomap: buffered write failure should not truncate the page cache")

With that added,
Reviewed-by: Darrick J. Wong <djwong@kernel.org>

--D

> ---
>  fs/iomap/buffered-io.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
> index e45368e91eca..cddf01b96d8a 100644
> --- a/fs/iomap/buffered-io.c
> +++ b/fs/iomap/buffered-io.c
> @@ -933,7 +933,7 @@ static int iomap_write_delalloc_scan(struct inode *inode,
>  			 * the end of this data range, not the end of the folio.
>  			 */
>  			*punch_start_byte = min_t(loff_t, end_byte,
> -					folio_next_index(folio) << PAGE_SHIFT);
> +					folio_pos(folio) + folio_size(folio));
>  		}
> 
>  		/* move offset to start of next folio in range */
> --
> 2.40.1
>
diff mbox series

Patch

diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index e45368e91eca..cddf01b96d8a 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -933,7 +933,7 @@  static int iomap_write_delalloc_scan(struct inode *inode,
 			 * the end of this data range, not the end of the folio.
 			 */
 			*punch_start_byte = min_t(loff_t, end_byte,
-					folio_next_index(folio) << PAGE_SHIFT);
+					folio_pos(folio) + folio_size(folio));
 		}

 		/* move offset to start of next folio in range */